control-webpanel

Top products

The 15 most recently published vulnerabilities affecting control-webpanel.

• CVE-2025-48703CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request....KEV9.0Sep 19, 2025
• CVE-2023-42123Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability8.8May 3, 2024
• CVE-2023-42122Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability7.8May 3, 2024
• CVE-2023-42121Control Web Panel Missing Authentication Remote Code Execution Vulnerability9.8May 3, 2024
• CVE-2023-42120Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability8.8May 3, 2024
• CVE-2022-44877login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.KEV9.8Jan 5, 2023
• CVE-2021-45467In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a ...9.8Dec 26, 2022
• CVE-2021-45466In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.9.8Dec 26, 2022
• CVE-2022-25048Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.8.8Jul 7, 2022
• CVE-2022-25047The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.5.9Jul 7, 2022
• CVE-2022-25046A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.9.8Jul 7, 2022
• CVE-2021-31316The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.9.8May 18, 2021
• CVE-2021-31324The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution.9.8May 18, 2021
• CVE-2020-15628This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerab...7.5Jul 28, 2020
• CVE-2020-15627This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerab...7.5Jul 28, 2020